Triage tools vary greatly in their technical and operational performance capabilities.
A new generation of server-based solutions allows investigators to bring massive, data center computing capability into the field.
Triaging a computer allows investigators to gather volatile data that would be lost by pulling the plug on a live system.
Collecting a computer into evidence requires careful consideration.
The confusion concerning the Digital and Multimedia Evidence Sub-Disciplines suggests the Discipline should be revised.
Recently, the Scientific Working Group on Digital Evidence (SWGDE) posted a position paper on the National Research Council report that states the “report is a call to action for SWGDE to strengthen the digital evidence discipline.”
New techniques are emerging to help forensic analysts build cases against Internet child pornographers.
Can we clearly differentiate whether an examination falls under Computer Forensics, Forensic Audio, Image Analysis, or Video Analysis?
Insight on designing a functional and efficient digital forensics laboratory
Cloud computing raises some unique law enforcement concerns regarding the location of potential digital evidence, its preservation, and its subsequent forensic analysis.
From minor crimes to major cases, law enforcement is faced with the proper handling and analysis of these devices.
If only it were true, as the televised CSI seems to promise, that any audio recording could be made intelligible with a little bing from a computer. The realities of forensic audio may surprise you—amazing things are possible, but not all things.
The examination of a computer’s hard drive without an additional warrant may become problematic.
Pertaining to the seizure of digital devices, there is some misunderstanding concerning what “executing the warrant within ten days” actually means.
Over the past year or so, many private sector digital forensic examiners have expressed concern regarding whether or not his or her state requires them to obtain a PI license.
This issue, we take a look at the general categories of anti-digital forensics.
Digital Evidence, like any other type of evidence, requires identification, collection, a chain of custody, examination/analysis, and finally authentication in court during presentation to the trier of fact.
If you are in search for what facility design criteria is specific to cyber science and other general design considerations for a forensic facility that includes a cyber crime lab, please continue.
In the last several years, the term Anti-Digital Forensics has entered the vernacular in the Digital Forensics discipline. Conceptually, ADF concerns an approach to manipulate, erase, or obfuscate digital data or to make its examination difficult, time consuming, or virtually impossible.
One common misconception of an examiner’s analytical responsibilities is that he or she is to only analyze submitted evidence to the extent of the investigative request. This is far from the truth.
There are many examiners in the Digital Forensic community who are not aware that professional codes of conduct and codes of ethical practices need to be an inherent part of every examination.
There are three essential tasks that an examiner performs during the analysis of evidentiary digital media.
One of the more important facets of digital forensics concerns how to document the findings in a formal report. At first glance, this would seem to be rather straightforward: report what you found.
Don't Forget Your Memory
By Kris Harms, Kevin Mandia
Computer forensics is a field that is changing as fast as software can be written – and that’s fast. For each new application a person uses, such as Skype, Instant Messaging, Media players, and new operating systems, computer forensic examiners have to learn how that application reads, writes, stores, and deletes data.